Security Administration Options

In conjunction with the GRANT statement, the REVOKE statement supports the discretionary access control (DAC) data security feature of HCL OneDB™ by specifying which users or roles hold privileges that are required to access the database or objects within the database.

The Security Administration Options of the REVOKE statement, like their counterparts for the GRANT statement, support an additional set of data security features, called label-based access control (LBAC). These features enable HCL OneDB to allow or withhold access to protected data on the basis of a comparing a row security label or column security label that is contained in the data object to the user security label and other credentials that have been granted to the user who is seeking access.

(1)
Security Administration Options

1  %DBSECADM Clause1
1  %EXEMPTION
Clause2
1  %SECURITY LABEL Clause3
1  %SETSESSIONAUTH
Clause4
Use of these REVOKE statement security administration options is restricted:
  • Only the Database Server Administrator (DBSA), by default user informix, can use the REVOKE DBSECADM statement to revoke the DBSECADM role.
  • Only a user who holds the DBSECADM role can issue the REVOKE EXEMPTION, REVOKE SECURITY LABEL, or REVOKE SETSESSIONAUTH statements.